Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
948
Views
0
Helpful
2
Replies

ISE 2.3 Trustsec Configuration for Nexus 1000v

Go to solution
alex.dersch
Level 4
Level 4

‎08-12-2017 03:32 PM - edited ‎03-11-2019 12:56 AM

Hi, 

i am struggeling with the configuration of my Nexus 1000. In the Cisco TrustSec Quick Start Configuration Guide, in the section Defining TrustSec Devices within ISE it is mentioned to configure the option "Send configuration changes to device" to use CoA.

There is a following note "The step above configures communication between the 3650 and ISE. The step must be repeated to configure the communication between the Nexus1000v and ISE."

But it seems the Nexus is not capable of receiving CoA messages. Because ISE is giving me this error "11213 No response received from Network Access Device after sending a Dynamic Authorization request "

How can I update changes of my policies to the Nexus 1000v?

thanks for your feedback

Alex

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jonathan.cuthbert
Level 5
Level 5

‎08-13-2017 10:57 AM

Unless something dramatic has changed in the code, the N1Kv does not support CoA. 

You can use the CLI(SSH) instead.  That is a link to ISE 2.1 documentation, but the steps are identical in 2.3.

If you simply need the N1Kv to be aware of changes you have made in ISE configuration (such as in the TrustSec Matrix or SGACL, which would normally be pushed to a device via CoA), you can use a simple CLI command in NX-OS. 

N1kv# cts refresh role-based-policy

View solution in original post

0 Helpful
2 Replies 2

Go to solution
jonathan.cuthbert
Level 5
Level 5

‎08-13-2017 10:57 AM

Unless something dramatic has changed in the code, the N1Kv does not support CoA. 

You can use the CLI(SSH) instead.  That is a link to ISE 2.1 documentation, but the steps are identical in 2.3.

If you simply need the N1Kv to be aware of changes you have made in ISE configuration (such as in the TrustSec Matrix or SGACL, which would normally be pushed to a device via CoA), you can use a simple CLI command in NX-OS. 

N1kv# cts refresh role-based-policy

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to jonathan.cuthbert

‎08-13-2017 11:10 AM

Hi Jonathan, 

thanks for your reply, just testing while I am writing this lines.

I assume this is also valid for the Neus 5K switches.

Best regards

Alex

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents